Designing for Privacy in Mobile and Web Apps - Interaction '14, Amsterdam

5,868 views

Published on

Practice privacy by design, not privacy by disaster!
See the talk here: http://caseorganic.com/articles/2014/02/12/1/designing-for-privacy-in-mobile-and-web-apps-at-interaction-14-in-amsterdam

Almost every application requires some gathering of personal data today. Where that data is stored, who has access to it, and what is done with that data later on is becoming increasingly important as more and more of our data lives online today. Privacy disasters are costly and can be devastating to a company. UX designers and developers need to have a framework for protecting user data, communicating it to users, and making sure that the entire process is smoothly handled.

This talk covers best practices for designing web and mobile apps with the privacy of individual users in mind. Privacy has been an even bigger issue with location-based apps, and we ran into it head-first when we began work on Geoloqi (now part of Esri). Designing an interface that made one's personal empowering instead of creepy was our goal. The stories from our design decisions with our application will also be included in this talk.

Published in: Design

Designing for Privacy in Mobile and Web Apps - Interaction '14, Amsterdam

  1. 1. caseorganic.com Designing for privacy in mobile and web apps Interaction '14 Amber Case @caseorganic caseorganic.com
  2. 2. caseorganic.com Part I: Present Day
  3. 3. caseorganic.com What is Privacy?
  4. 4. caseorganic.com The ability to have control over where your content goes and who it is accessed by.
  5. 5. caseorganic.com The ability to choose what content you share, view and access without being tracked.
  6. 6. caseorganic.com Privacy is the ability not to be surprised.
  7. 7. caseorganic.com
  8. 8. caseorganic.com Privacy can also be a feeling or perception of security. This perception of security can be designed.
  9. 9. caseorganic.com
  10. 10. caseorganic.com Privacy on the Web Old Web: Social silos don't exist. Where you go on the web is not tracked New Web: Logged into FB, Google: everything you look at is tracked
  11. 11. caseorganic.com “We invest much of our lives into virtual ‘condos’ that anyone can walk into and do what they like.” -@rahulsen79
  12. 12. caseorganic.com We're all sharecropping indiewebcamp.com/sharecropping
  13. 13. caseorganic.com Changing user interfaces twitter.com
  14. 14. caseorganic.com How can we design for privacy? 1. Temporary Solution (Privacy by Design) 2. Longer term Solution (Data Ownership) Privacy by Design: Ann Cavoukian, Ph.D. Information & Privacy Commissioner, Ontario, Canada. http://www.privacybydesign.ca/
  15. 15. caseorganic.com Part II: Privacy by Design
  16. 16. caseorganic.com Smartphone Cameras
  17. 17. caseorganic.com Google Glass
  18. 18. caseorganic.com What was different? • Design and product launch • Developer on-boarding fail • Secrecy/Mystery/Exclusivity • Closed system • Too many features • Price
  19. 19. caseorganic.com Results • Reduced play • Confusion • Pseudo-elite status • Fear • Speculation
  20. 20. caseorganic.com Questions people ask me when I’m wearing Google Glass
  21. 21. caseorganic.com Compare to iPhone Developer Launch Development tools available before new hardware/OS released • $99 fee • Launch: many apps • People had phones already
  22. 22. caseorganic.com Trying to "Calm" the device Headbanding: “moving one's Glass before entering an establishment"
  23. 23. caseorganic.com Half of privacy is perceived The idea of privacy is socially created and attached to behavioral norms. Behavior can change when norms change.
  24. 24. caseorganic.com Success Narrative (formerly Memoto) http://getnarrative.com/
  25. 25. caseorganic.com Why? •Designed •Built to be "calm" upon previous products (iteration) •Clearly defined. (Lifelogging device). •Not at eye level. Small friendly rounded corners •Not immediate (download later)
  26. 26. caseorganic.com Part III: Building privacy into mobile and web apps #dataprivacy
  27. 27. caseorganic.com 1. Get a privacy policy Privacy policies are regret management tools. Only 30% of mobile app developers have one.
  28. 28. caseorganic.com Minimum Viable Privacy Policy: Who you are (identity and contact details), Categories of personal data the app wants to collect/process, Why the data processing is necessary (for what precise purposes), Whether data will be disclosed to which third parties Data withdrawal rights and account deletion policy https://www.iubenda.com/blog/2013/06/10/the-need-for-privacy-policies-in-mobile-apps-an-overview/
  29. 29. caseorganic.com 2. Simplify and Consolidate Privacy policies should be easy to understand Create two sections – Plain Text and Legalese
  30. 30. caseorganic.com Terms of Service; Didn't Read MEDIUM Reserves the right to use your name and content for any purpose forever, even if they get acquired in the future. Wikia Communities don't own their content and can't transfer it off their site. tosdr.org (thanks bret.io!)
  31. 31. caseorganic.com How many of you have read the entire iTunes privacy policy?
  32. 32. caseorganic.com What about Creative Commons?
  33. 33. caseorganic.com 3. Allow people to access / export their data
  34. 34. caseorganic.com 4. Privacy by design vs. privacy by disaster Privacy consideration should be incorporated into every aspect of your app. Web, legal, user experience, messaging, marketing and development. Act now or be forced to act later.
  35. 35. caseorganic.com 5. Consolidate and simplify settings and permissions Make controls easy to access. On/off switches, simple settings.
  36. 36. caseorganic.com 6. Contextual Privacy Instagram, Facebook, Foursquare do this well. Expose privacy controls with every piece of content that can be created or shared
  37. 37. caseorganic.com 7. No one is perfect Hosting user data is a privilege, not a right Apologize immediately if you make a mistake. Fix the problem immediately
  38. 38. caseorganic.com 8. Authentication and Permissions • Allow for temporary authenticatio n Show data options and time
  39. 39. caseorganic.com 8. Authentication and Permissions When in doubt give control
  40. 40. caseorganic.com 9. Community Involvement
  41. 41. caseorganic.com 10. Be Clever: Accomplish your goals in the least amount of moves* *even/especially if it takes more time to think about the solution.
  42. 42. caseorganic.com Part IV: The Future of Privacy and Data Ownership
  43. 43. caseorganic.com Easier to Consume vs. Create
  44. 44. caseorganic.com
  45. 45. caseorganic.com Own your own data Build your own website Use social networks for distribution Web frameworks will emerge that will make this easier
  46. 46. caseorganic.com What happened?
  47. 47. caseorganic.com Blogs | RSS Readers
  48. 48. caseorganic.com 2003: RSS/ATOM WARS
  49. 49. caseorganic.com Pingbacks/ Trackbacks: a way to tell if someone linked to your site
  50. 50. caseorganic.com Pingback Spam
  51. 51. caseorganic.com Picking up from where 2003 left off . Need a way to own our data 1. Learn and improve on what we're doing! 2. Just implement something
  52. 52. caseorganic.com POSSE Publish (on your) Own Site, Syndicate Elsewhere Tweet is published to your own site and sent by your domain to Twitter indiewebcamp.com/POSSE
  53. 53. caseorganic.com PESOS Publish Elsewhere, Syndicate (to your) Own Site indiewebcamp.com/PESOS
  54. 54. caseorganic.com Webmentions indiewebcamp.com/PESOS
  55. 55. caseorganic.com Webmentions
  56. 56. caseorganic.com Indiewebcamp.com
  57. 57. caseorganic.com Why do we need an IndieWeb? Afraid of losing your photos and files 1 Frozen account due to violated TOS 2 Lost content due to acquisition 3 Silos profiting off your data 4 The ability to create again indiewebcamp.com/why
  58. 58. caseorganic.com
  59. 59. caseorganic.com Freedom! The freedom to decide what content and what types of content to publish, and to store over time Control your UI/UX – you decide Own your content forever indiewebcamp.com/why
  60. 60. caseorganic.com Homestead, don't Sharecrop! A home for your data • Your blog becomes a creative outlet for you + learning place for new stuff • Hyperlinks on the open web, giving web back its richness www.onebigfluke.com/2012/07/focusing-on-positives-why-i-have-my-own.html
  61. 61. caseorganic.com Thank you! caseorganic.com Interaction '14 Amber Case @caseorganic

×